πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.9K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.9K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3267 β€Ό

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.

πŸ“– Read

via "National Vulnerability Database".
458 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3268 β€Ό

Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.

πŸ“– Read

via "National Vulnerability Database".
467 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3256 β€Ό

Use After Free in GitHub repository vim/vim prior to 9.0.0530.

πŸ“– Read

via "National Vulnerability Database".
449 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Tarfile path traversal bug from 2007 still present in 350k open source repos πŸ—“οΈ

Warning added to Python documentation was deemed preferable to a patch

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Tarfile path traversal bug from 2007 still present in 350k open source repos
Warning added to Python documentation was deemed preferable to a patch
393 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40446 β€Ό

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.

πŸ“– Read

via "National Vulnerability Database".
315 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40443 β€Ό

An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.

πŸ“– Read

via "National Vulnerability Database".
280 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40447 β€Ό

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.

πŸ“– Read

via "National Vulnerability Database".
261 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40146 β€Ό

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

πŸ“– Read

via "National Vulnerability Database".
237 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38398 β€Ό

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

πŸ“– Read

via "National Vulnerability Database".
232 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40444 β€Ό

ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.

πŸ“– Read

via "National Vulnerability Database".
231 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1941 β€Ό

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.

πŸ“– Read

via "National Vulnerability Database".
276 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38648 β€Ό

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

πŸ“– Read

via "National Vulnerability Database".
304 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text] ⚠

Latest episode - listen now! Learn why adopting 2FA isn't a reason to relax your other security precautions...

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]
Latest episode – listen now! Learn why adopting 2FA isn’t a reason to relax your other security precautions…
309 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Digital Guardian Named A Top Data Loss Prevention Solution by Expert Insights πŸ”

An independent editorial team and technical analysts praised Digital Guardian's quick deployment, on-demand scalability, and full visibility into data.

πŸ“– Read

via "".
257 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35037 β€Ό

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6adb1e.

πŸ“– Read

via "National Vulnerability Database".
230 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35029 β€Ό

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea.

πŸ“– Read

via "National Vulnerability Database".
220 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35032 β€Ό

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f.

πŸ“– Read

via "National Vulnerability Database".
199 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35024 β€Ό

OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.

πŸ“– Read

via "National Vulnerability Database".
179 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40934 β€Ό

Online Pet Shop We App v1.0 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_sub_category,id

πŸ“– Read

via "National Vulnerability Database".
175 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35021 β€Ό

OTFCC commit 617837b was discovered to contain a global buffer overflow via /release-x64/otfccdump+0x718693.

πŸ“– Read

via "National Vulnerability Database".
172 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35035 β€Ό

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b559f.

πŸ“– Read

via "National Vulnerability Database".
169 views